#NSBCS.085 - Finding My Way into Cyber: Why This Field Might Be Your Unexpected Fit Too
Source: NSB Cyber
Two new interns joined our team this week from Macquarie University. Watching them dive into their projects reminded me of starting my own cyber career, and gave me pause for reflection.
I didn’t come from a technical background. I didn’t know what area I wanted to apply myself to. I studied humanities at university, without a clear plan of what came next, but knowing I wanted to do something meaningful, challenging, and forward-looking. It wasn’t until I started reading about cyber security that something clicked, and I instantly found myself drawn to the scale and urgency of it all.
That interest turned into action, and after some research I discovered that cybersecurity isn’t one job: it’s a broad, multidisciplinary field. And surprisingly, my background helped me more than I expected.
Cybersecurity is often incorrectly viewed as a purely technical field, a game of cat and mouse between hackers in hoodies and intelligence agencies stemming the flow. But in reality, it offers roles suited to all kinds of strengths, from Threat Intelligence and Incident Response to Governance and Risk Management.
Whether you’re more policy-minded, creative, analytical, or technical, there’s a path into cyber. And the industry needs that diversity of thought, because the challenges we face are constantly evolving.
Why Cyber Might be Right for You
Cybersecurity offers something unique. It’s intellectually engaging, fast-paced, and socially important. You’re not just keeping systems safe, you’re actively helping to protect people, organisations, and even critical infrastructure.
If you’re unsure where to go next, and especially if your background doesn’t “match” the usual tech roles, you may want to consider cyber. You don’t need to tick every box; you just need a desire to keep learning.
My path wasn’t conventional, but it led me to a career that’s rewarding, impactful, and constantly evolving. Maybe it could do the same for you.
What we read this week
Hackers Utilise Facebook Ads to Distribute JSCEAL Malware Through Fake Cryptocurrency Trading Apps - Cybersecurity researchers have highlighted a campaign, ongoing since March 2024, that leverages malicious advertisements on Facebook to spread fake cryptocurrency trading applications, ultimately deploying a compiled V8 JavaScript malware known as JSCEAL. The attackers employ stolen or newly created Facebook accounts to post ads that redirect victims through a chain to counterfeit websites mimicking services like TradingView, initiating a multi-layered infection process with anti-analysis features. This involves script-based fingerprinting, HTTP listeners on localhost port 30303, DLL unpacking, and PowerShell backdoors to exfiltrate system data. If deemed valuable, the host receives JSCEAL, which acts as a local proxy to intercept traffic, inject scripts into banking and crypto sites for credential theft, capture keystrokes, screenshots, and browser data, and enable remote access. The malware's obfuscation and compilation make it challenging for traditional security tools to detect. Organisations are advised to remain vigilant against suspicious ads and implement advanced behavioural analysis to counter such sophisticated threats.
Check Point Software Rejects Acquisition Interest Amid Rising Cyber Security Revenues - Israeli cybersecurity firm Check Point Software Technologies has affirmed its independence, with CEO Nadav Zafrir stating the company is not seeking to be acquired despite recent industry consolidations, preferring to utilise its $3 billion cash reserves for its own acquisitions to become a global leader. This announcement follows a second-quarter earnings report showing a 9% increase in adjusted earnings per share to $2.37 and a 6% revenue growth to $665 million, driven by higher sales of network protection products. Product and licence revenues rose 12% to $132 million, while security subscriptions increased 10% to $298 million. For the third quarter, Check Point projects revenues of $657-$687 million and adjusted EPS of $2.40-$2.50, maintaining its full-year outlook of up to 11% growth. This stance comes amid broader industry trends, including Palo Alto Networks' $25 billion acquisition of CyberArk and Google's $32 billion purchase of Wiz, underscoring the demand for robust cybersecurity solutions.
Scattered Spider Arrests Temporarily Slow Attacks, But Copycat Groups Maintain Pressure - Recent arrests of alleged members of the Scattered Spider (UNC3944) hacking group in the UK have resulted in a noticeable decline in their activities, with no new intrusions directly linked to them reported by Mandiant Consulting, providing organisations an opportunity to analyse tactics and strengthen defences. However, emerging copycat actors are adopting similar social engineering methods, including phishing, push bombing, SIM swaps, and impersonation to bypass multi-factor authentication and install remote access tools. Scattered Spider, targeting sectors such as retail, airlines, and transportation in North America, has utilised malware like Ave Maria, Raccoon Stealer, Vidar Stealer, and Ratty RAT, alongside DragonForce ransomware to encrypt VMware ESXi hypervisors. They also exploit Snowflake for rapid data exfiltration and monitor internal communications via Slack, Teams, and Exchange. Security teams should prioritise phishing-resistant MFA, offline backups, and enhanced monitoring for anomalous logins to mitigate ongoing risks from these evolving threats. A collaborative alert from agencies including the FBI, CISA, RCMP, ACSC, AFP, CCCS, and NCSC-UK can help organisations to mitigate attacks by the Scattered Spider group.
Hackers Exploit SAP NetWeaver Vulnerability to Deploy Auto-Color RAT in Targeted Attack - In a sophisticated cyberattack on a US-based chemicals company in April 2025, threat actors exploited CVE-2025-31324, a critical file upload vulnerability in SAP NetWeaver application servers, to upload malicious files and potentially achieve remote code execution. The assault began with reconnaissance on April 25, using specific URIs and DNS tunnelling to out-of-band application security testing domains, followed by downloading a ZIP file from IP 91[.]193[.]19[.]109 and executing a shell script via helper.jsp. This established C2 connections to 47[.]97[.]42[.]177 over port 3232, linked to the Supershell platform and China-affiliated groups. The deployed Auto-Color RAT, active since November 2024 targeting universities and governments, renames itself, deploys a malicious library libcext.so.2, and achieves persistence by manipulating /etc/ld.so.preload to hook system functions. Darktrace detected and contained the attack, preventing activation. Administrators of SAP NetWeaver systems must apply patches immediately, review access logs, and implement input validation to prevent similar compromises.
References
https://thehackernews.com/2025/07/hackers-use-facebook-ads-to-spread.html
https://www.reuters.com/technology/israels-check-point-software-aims-go-it-alone-cyber-security-sales-rise-2025-07-30/
https://thehackernews.com/2025/07/scattered-spider-hacker-arrests-halt.html
https://cybersecuritynews.com/sap-netweaver-vulnerability-exploited-malware/